actually removing the /etc/pam.d directory solved the problem..
it looks like cups installed some stuff there thinking Im on a linux box.
Jason
--
Christ:
A man who was born at least 5,000 years ahead of his time.
On Sat, 21 Sep 2002, Bob Johnson wrote:
> On Saturday 21 September 2002 01:56 pm, jason appears to have written:
> > running FreeBSD monsterjam.org 4.5-RC FreeBSD 4.5-RC #0: Sat Jan 26
> > 00:52:46 EST 2002
> > [EMAIL PROTECTED]:/space/obj/usr/src/sys/ROLAND i386 and
> > everything has been running absolutely ducky for quite a while
> > monsterjam# uptime
> > 1:45PM up 237 days, 35 mins, 8 users, load averages: 0.16, 0.04,
> > 0.02
> >
> > all of a sudden pam stops authenticating for my imap/pop3 users and
> > http users..
> > I see all these messages in my /var/log/messages:
> >
> > Sep 21 13:23:22 monsterjam cupsd: unable to
> > dlopen(/lib/security/pam_unix.so)
> > Sep 21 13:23:22 monsterjam cupsd: [dlerror: Cannot open
> > "/lib/security/pam_unix.so"]
> > Sep 21 13:23:22 monsterjam cupsd: adding faulty module:
> > /lib/security/pam_unix.so
> >
> > Sep 20 22:35:36 monsterjam login: _pam_init_handlers: no default
> > config /etc/pam.d/other
> > Sep 20 22:35:36 monsterjam login: error reading PAM configuration
> > file Sep 20 22:35:36 monsterjam login: pam_start: failed to
> > initialize handlers Sep 20 22:35:36 monsterjam login: pam_start:
> > Critical error - immediate abort
> >
> >
> > Sep 21 08:40:58 monsterjam login: unable to
> > dlopen(/lib/security/pam_unix.so)
> > Sep 21 08:40:58 monsterjam login: [dlerror: Cannot open
> > "/lib/security/pam_unix.so"]
> > Sep 21 08:40:58 monsterjam login: adding faulty module:
> > /lib/security/pam_unix.so
> > Sep 21 08:40:58 monsterjam login: pam_authenticate: Module is unknown
> >
> > Ive searched google and cant seem to find out what they mean.
> >
> > looking at my system, pam_unix.so is in /usr/lib, not /lib/security
> >
> > monsterjam# locate pam_unix.so
> > /usr/lib/pam_unix.so
> >
> > regular telnet,ssh logins to the box work fine, just not imap, pop3,
> > http, what should I do?
>
> Tentatively, I'd say it looks like someone installed their own (Linux?)
> version of PAM on your system in an effort to gain access.
>
> What does "ls -l /etc/pam.conf" show, and what is in /etc/pam.conf?
>
> Have you upgraded or installed anything at all recently?
>
> Also, have you kept up to date on security patches?
>
> What does "last" show?
>
> - Bob
>
> >
> > regards,
> > Jason
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
